Re: [openssl-users] Lattice Ciphers

2017-12-18 Thread Jakob Bohm

On 19/12/2017 02:10, Colony.three via openssl-users wrote:

On 18/12/2017 22:35, Colony.three via openssl-users wrote:


PS, Jakob I'm getting on your email:  "This email has failed its
domain's authentication requirements. It may be spoofed or improperly
forwarded!"
The reason is: HEADER_FROM_DIFFERENT_DOMAINS,T_DKIM_INVALID


Can you send me the full headers, so I can debug?

Enjoy

Jakob

Return-Path: <openssl-users-boun...@openssl.org>
X-Original-To: colony.th...@protonmail.ch
Delivered-To: colony.th...@protonmail.ch
Received: from mta.openssl.org (xmpp.openssl.org [194.97.150.230])
  (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
  (No client certificate requested)
  by mail6i.protonmail.ch (Postfix) with ESMTPS id 635D4E2F
  for <colony.th...@protonmail.ch>; Mon, 18 Dec 2017 17:36:53 -0500 (EST)
Received: from mta.openssl.org (localhost [IPv6:::1])
  by mta.openssl.org (Postfix) with ESMTP id 870BAE6ECC;
  Mon, 18 Dec 2017 22:36:01 +0000 (UTC)
Received: by mta.openssl.org (Postfix, from userid 106) id D5E38E6EBF;
  Mon, 18 Dec 2017 22:35:57 +0000 (UTC)
Received: from smtpv6n-hq2.wisemo.com (smtpv6n-hq2.wisemo.com [IPv6:2a01:4f0:4018::24b])
  (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits))
  (No client certificate requested)
  by mta.openssl.org (Postfix) with ESMTPS id CB89CE6EBF
  for <openssl-users@openssl.org>; Mon, 18 Dec 2017 22:35:56 +0000 (UTC)
Received: from jb0008.i.wisemo.com ([2a01:4f0:4018:f0:fabc:12ff:fe78:9014])
  by mailout.i.wisemo.com with esmtpsa (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.80)
  (envelope-from <jb-open...@wisemo.com>) id 1eR40p-jg-Kf
  for openssl-users@openssl.org; Mon, 18 Dec 2017 23:35:55 +0100
Authentication-Results: mail6i.protonmail.ch; dmarc=fail (p=none dis=none)
  header.from=wisemo.com
Authentication-Results: mail6i.protonmail.ch; spf=none
  smtp.mailfrom=openssl-users-boun...@openssl.org
Authentication-Results: mail6i.protonmail.ch; dkim=fail
  reason="signature verification failed" (2048-bit key)
  header.d=wisemo.com header.i=@wisemo.com header.b="FD31MWS4"
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on maili.protonmail.ch
X-Spam-Level: **
X-Spam-Status: No, score=2.3 required=4.0 tests=DKIM_SIGNED,
  HEADER_FROM_DIFFERENT_DOMAINS,T_DKIM_INVALID,T_RP_MATCHES_RCVD autolearn=no
  autolearn_force=no version=3.4.0
Dkim-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=wisemo.com;
  s=v2016;
  h=Content-Transfer-Encoding:Content-Type:In-Reply-To:MIME-Version:Date:Message-ID:From:References:To:Subject;
  bh=rWDo5ZVDxE3Y8t96X0ktB8yt0P5rzC+4PmeG1upOaRI=;
  b=FD31MWS4Qjwk0h1d1L5sBiACNSThWYoMRmzye4hP5+hIDqU+9bGRAyLvYqCPDVEhGMpCfOO2h7Jffkp32kSgZ4F8r8a0IO9MVkX65S4t5mIah5d3/vyZFxyOtAhSByJy6yWd32vUlG5JuuECt96sz/kg7hWOcUCGs1OOnTSi5/PJZwOBIwf6ZiATElTUrM+jAecoKw0ErgUmZ6po2J4A+9nBILmn5vYLSS/FklVIKZEUuNBW8f2fs3uNo/DYUCXNlIaB3wVP4A5XV7uOVOJBiQ3i5njunAxqZJdRJs0cXSjPZ2Km3ciELCRVqi9K6CDPwnL7eVwJNdhj77UTDCBQDQ==;
To: "Colony.three via openssl-users" <openssl-users@openssl.org>
References: <4mvmY5QeDcVaNTb3ESs174N_UTtbj0PYXYaGzuIpm0eTtX3xSH_z3OJVtCKZpxpiVGjE6dRE8wnTQUnyj3ybWQ==@protonmail.ch>
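Why a list-relayed mail like the one above ends up with dmarc=fail, as an added illustration (not code from the thread, OpenSSL or the list software): a DMARC alignment check run over Authentication-Results headers modelled on the posted ones, with placeholder local parts. It assumes relaxed alignment and a simplified organizational-domain rule.

```python
import re
from email import message_from_string
from email.message import Message
from email.utils import parseaddr

# Constructed sample modelled on the headers posted in the thread: the From
# domain is wisemo.com, the list re-sent the mail under its own envelope
# sender at openssl.org (spf=none: no SPF record applies) and the DKIM
# signature no longer verifies.  Local parts are placeholders; the domains
# and verdicts are the ones on the page.
SAMPLE = """\
Return-Path: <list-bounces-PLACEHOLDER@openssl.org>
Authentication-Results: mx.example; dmarc=fail (p=none dis=none) header.from=wisemo.com
Authentication-Results: mx.example; spf=none smtp.mailfrom=list-bounces-PLACEHOLDER@openssl.org
Authentication-Results: mx.example; dkim=fail reason="signature verification failed" (2048-bit key) header.d=wisemo.com header.i=@wisemo.com header.b="FD31MWS4"
From: Sender PLACEHOLDER <sender-PLACEHOLDER@wisemo.com>
Subject: Re: [openssl-users] Lattice Ciphers

body
"""

AR_METHOD = re.compile(r"\b(spf|dkim)=(\w+)")
AR_DOMAIN = {
    "spf": re.compile(r"smtp\.mailfrom=(?:[^@\s]+@)?([\w.-]+)"),
    "dkim": re.compile(r"header\.d=([\w.-]+)"),
}


def org_domain(domain: str) -> str:
    """Organizational domain, simplified to the last two labels.  A real
    evaluator consults the Public Suffix List (so co.uk is not a domain)."""
    return ".".join(domain.lower().strip(".").split(".")[-2:])


def parse_auth_results(msg: Message) -> dict:
    """Map 'spf'/'dkim' to (result, authenticated domain), read from every
    Authentication-Results header the receiving MTA stamped on the message."""
    found = {}
    for hdr in msg.get_all("Authentication-Results", []):
        m = AR_METHOD.search(hdr)
        if not m:
            continue  # e.g. the receiver's own dmarc= line
        method, result = m.group(1), m.group(2).lower()
        d = AR_DOMAIN[method].search(hdr)
        found[method] = (result, d.group(1).lower() if d else None)
    return found


def dmarc_evaluate(raw_message: str, policy: str = "none") -> dict:
    """RFC 7489 verdict: DMARC passes when SPF or DKIM both passes *and* is
    aligned with the RFC5322.From domain (relaxed alignment compares
    organizational domains).  `policy` stands in for the p= tag of the From
    domain's DMARC record; the thread's case is p=none (monitor only)."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg["From"])[1].rsplit("@", 1)[-1].lower()
    auth = parse_auth_results(msg)
    spf_result, spf_domain = auth.get("spf", ("none", None))
    dkim_result, dkim_domain = auth.get("dkim", ("none", None))
    spf_aligned = bool(spf_domain) and org_domain(spf_domain) == org_domain(from_domain)
    dkim_aligned = bool(dkim_domain) and org_domain(dkim_domain) == org_domain(from_domain)
    passed = (spf_result == "pass" and spf_aligned) or (dkim_result == "pass" and dkim_aligned)
    return {
        "from_domain": from_domain,
        "spf_aligned": spf_aligned,
        "dkim_aligned": dkim_aligned,
        "result": "pass" if passed else "fail",
        # p=none: the receiver still delivers the mail and may only flag it,
        # which is the banner quoted in the thread.  DKIM breaks on list
        # traffic when the list rewrites a signed header (Subject is in the
        # h= list and gained the "[openssl-users]" tag) or the body (footer).
        "disposition": "none" if passed else policy,
    }
```

The DKIM signature in the posted headers is aligned (d=wisemo.com matches the From domain) but fails verification, and the list's envelope domain is not aligned, so neither mechanism can carry the DMARC pass.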

Re: [openssl-users] Lattice Ciphers

2017-12-18 Thread Colony.three via openssl-users
> I find that Firefox refuses to do any ephemeral ciphers whatsoever.  What the 
> heck?  Why am I surprised.  Somebody paid them.
>
> If you follow Schneier, elliptic curve is not an option.
>
> I know you guys are severely underfunded, but is there any chance that 
> lattice encryption will be coming soon?  I've searched until my face turned 
> blue.

VPN is doing it now:  https://wiki.strongswan.org/projects/strongswan/wiki/Bliss

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


Re: [openssl-users] Lattice Ciphers

2017-12-18 Thread Colony.three via openssl-users
On 18/12/2017 22:35, Colony.three via openssl-users wrote:

>> PS, Jakob I'm getting on your email:  "This email has failed its
>> domain's authentication requirements. It may be spoofed or improperly
>> forwarded!"
>> The reason is: HEADER_FROM_DIFFERENT_DOMAINS,T_DKIM_INVALID
>
> Can you send me the full headers, so I can debug?
>
> Enjoy
>
> Jakob


Re: [openssl-users] Lattice Ciphers

2017-12-18 Thread Jakob Bohm

On 18/12/2017 22:35, Colony.three via openssl-users wrote:
PS, Jakob I'm getting on your email:  "This email has failed its
domain's authentication requirements. It may be spoofed or improperly
forwarded!"

The reason is: HEADER_FROM_DIFFERENT_DOMAINS,T_DKIM_INVALID

Can you send me the full headers, so I can debug?

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded



Re: [openssl-users] Lattice Ciphers

2017-12-18 Thread Colony.three via openssl-users
PS, Jakob I'm getting on your email:  "This email has failed its domain's 
authentication requirements. It may be spoofed or improperly forwarded!"

The reason is:  HEADER_FROM_DIFFERENT_DOMAINS,T_DKIM_INVALID


Re: [openssl-users] Lattice Ciphers

2017-12-18 Thread Colony.three via openssl-users

> For your information, I actually tracked down the original report
> about this (and posted some corrections in a comment to the
> researcher):
>
> - This was not HP's keyboard driver.  This was Synaptics' touch
>   pad driver (SynTP.sys).

Never said it is HP's driver.  But understand that it only went into HP 
machines.

As far as we know.  That, I have said.

> - The code in question was apparently the common classic issue
>   that the driver checks if a hotkey related to the touchpad is
>   pressed, and has a test feature to help each laptop manufacturer
>   check if they configured the correct (laptop-specific) scan code
>   for that hotkey by using a special test driver that logs the keys
>   that match/don't match the configured one.  On a number of
>   occasions HP (and maybe others) have sent such test drivers to end
>   users instead of the drivers without the debug feature.

A keylogger is not useful in this case, particularly as timing is an acute 
issue.  At the most basic, when they want what you portray, a utility like 
evtest.

> - In this case, no keys were logged unless someone (or something)
>   with admin rights on the laptop did extra steps to turn on the
>   feature and to read back the results.  Any malicious code with
>   those rights could just install its own logging without depending
>   on that particular wrong driver being installed,
> -  So to me, that particular issue falls into the less serious tier of:
> Possible misuse if other things go wrong first, upgrade when ready as
> a defense in depth.
> -  Jakob

Correct, it is not turned on by default.  Never said otherwise.  But it can be 
manually.

So far I've raised three independent issues in this thread, and have been 
fought on all three.  I am bored now with trying to raise awareness, so let's 
just all agree that nobody wants to hear it.  You do your thing and I'll do 
mine.


Re: [openssl-users] Lattice Ciphers

2017-12-18 Thread Jakob Bohm

On 18/12/2017 20:50, Colony.three via openssl-users wrote:

On Mon, Dec 18, 2017 at 9:59 AM, Colony.three via openssl-users
openssl-users@openssl.org wrote:

Hear about the HP keylogging case recently? Do you think a keylogger is
actually used in testing of a keyboard driver, in practice?

Yes.

More specifically, it's used to ensure that the scancodes that should
be detected when a particular key is hit or released are actually
detected when that key is hit or released. It's also useful for
identifying how a particular keyboard has failed, to see which
scancodes aren't being transmitted properly.

That said, it's not something that should be left in a production
driver. It's more suited for a development/diagnostics station than a
general-purpose system.

Actually no.  Microseconds count, when testing a keyboard driver.
It's easy to imagine that a keylogger could be used, that's why the
cover story worked on so many.  But in actual practice it's not useful.

(Eeesh. And my friends call /me/ "paranoid".)

It's easy to characterize this as paranoia.  Unless you are paying
attention to -facts- as the feedstock.

For your information, I actually tracked down the original report
about this (and posted some corrections in a comment to the
researcher):

1. This was not HP's keyboard driver.  This was Synaptics' touch
  pad driver (SynTP.sys).

2. The code in question was apparently the common classic issue
  that the driver checks if a hotkey related to the touchpad is
  pressed, and has a test feature to help each laptop manufacturer
  check if they configured the correct (laptop-specific) scan code
  for that hotkey by using a special test driver that logs the keys
  that match/don't match the configured one.  On a number of
  occasions HP (and maybe others) have sent such test drivers to end
  users instead of the drivers without the debug feature.

3. In this case, no keys were logged unless someone (or something)
  with admin rights on the laptop did extra steps to turn on the
  feature and to read back the results.  Any malicious code with
  those rights could just install its own logging without depending
  on that particular wrong driver being installed.

So to me, that particular issue falls into the less serious tier of:
Possible misuse if other things go wrong first, upgrade when ready as
a defense in depth.

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded



Re: [openssl-users] Lattice Ciphers

2017-12-18 Thread Colony.three via openssl-users
>> On Mon, Dec 18, 2017 at 9:59 AM, Colony.three via openssl-users
>> openssl-users@openssl.org wrote:
>>
>>> Hear about the HP keylogging case recently? Do you think a keylogger is
>>> actually used in testing of a keyboard driver, in practice?
>>>
>>> Yes.
>>>
>>> More specifically, it's used to ensure that the scancodes that should
>>> be detected when a particular key is hit or released are actually
>>> detected when that key is hit or released. It's also useful for
>>> identifying how a particular keyboard has failed, to see which
>>> scancodes aren't being transmitted properly.
>>>
>>> That said, it's not something that should be left in a production
>>> driver. It's more suited for a development/diagnostics station than a
>>> general-purpose system.
>
> Actually no.  Microseconds count, when testing a keyboard driver.  It's easy 
> to imagine that a keylogger could be used, that's why the cover story worked 
> on so many.  But in actual practice it's not useful.
>
>>> (Eeesh. And my friends call me "paranoid".)
>
> It's easy to characterize this as paranoia.  Unless you are paying attention 
> to -facts- as the feedstock.

I should have said, "It's easy --and fun-- to characterize this as paranoia."


Re: [openssl-users] Lattice Ciphers

2017-12-18 Thread Colony.three via openssl-users
> On Mon, Dec 18, 2017 at 9:59 AM, Colony.three via openssl-users
> openssl-users@openssl.org wrote:
>
>> Hear about the HP keylogging case recently? Do you think a keylogger is
>> actually used in testing of a keyboard driver, in practice?
>>
>> Yes.
>>
>> More specifically, it's used to ensure that the scancodes that should
>> be detected when a particular key is hit or released are actually
>> detected when that key is hit or released. It's also useful for
>> identifying how a particular keyboard has failed, to see which
>> scancodes aren't being transmitted properly.
>>
>> That said, it's not something that should be left in a production
>> driver. It's more suited for a development/diagnostics station than a
>> general-purpose system.

Actually no.  Microseconds count, when testing a keyboard driver.  It's easy to 
imagine that a keylogger could be used, that's why the cover story worked on so 
many.  But in actual practice it's not useful.

>> (Eeesh. And my friends call me "paranoid".)

It's easy to characterize this as paranoia.  Unless you are paying attention to 
-facts- as the feedstock.


Re: [openssl-users] Lattice Ciphers

2017-12-18 Thread Kyle Hamilton
On Mon, Dec 18, 2017 at 9:59 AM, Colony.three via openssl-users
 wrote:
>
> Hear about the HP keylogging case recently?  Do you think a keylogger is
> actually used in testing of a keyboard driver, in practice?

Yes.

More specifically, it's used to ensure that the scancodes that should
be detected when a particular key is hit or released are actually
detected when that key is hit or released.  It's also useful for
identifying how a particular keyboard has failed, to see which
scancodes aren't being transmitted properly.

That said, it's not something that should be left in a production
driver.  It's more suited for a development/diagnostics station than a
general-purpose system.

(Eeesh.  And my friends call *me* "paranoid".)

-Kyle H


Re: [openssl-users] Lattice Ciphers

2017-12-18 Thread Colony.three via openssl-users
> Colony.three via openssl-users wrote:
>
>> I've set mine to test this comprehensively. (Apache and NginX)  With
>> Apache Firefox -ignores- server-prescribed ciphers and chooses an EC.
>> NginX does properly prevail with the algo.  Was this an accident, Apache?
>
> I'd suggest to read the Apache httpd docs first:
>
> https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslhonorcipherorder

So you think I didn't use this.

For those who are aware, I implied this by intentionally using the word 
'insist' WRT NginX.  I could have overtly said what proper options I'd used for 
every case in every instance, but I was hoping  ppl here would see.

This is why I believe this is not an accident.

Hear about the [HP keylogging 
case](http://www.bbc.com/news/technology-42309371) recently?  Do you think a 
keylogger is actually used in testing of a keyboard driver, in practice?

How about you actually try  SSLHonorCipherOrder on in Apache, Michael, and try 
the different cipher combinations?  Let us know how it works out.


Re: [openssl-users] Lattice Ciphers

2017-12-18 Thread Colony.three via openssl-users
> Have you submitted a bug report for Apache (not honouring server config 
> cipher order) if one doesn't exist?

That never works.

> As for resistant to quantum computers, given the current aim is for systems 
> that can calculate things that would currently take the age of the universe 
> to calculate, resistance is futile ;)

I never allow the perfect, to become the enemy of the good.

I am looking forward to lattice.


Re: [openssl-users] Lattice Ciphers

2017-12-18 Thread Michael Ströder
Colony.three via openssl-users wrote:
> I've set mine to test this comprehensively. (Apache and NginX)  With
> Apache Firefox -ignores- server-prescribed ciphers and chooses an EC. 
> NginX does properly prevail with the algo.  Was this an accident, Apache?

I'd suggest to read the Apache httpd docs first:

https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslhonorcipherorder

Ciao, Michael.



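What SSLHonorCipherOrder (and nginx's ssl_prefer_server_ciphers) actually changes, as an added illustration rather than code from the thread or from either server: a model of TLS 1.2 cipher-suite selection with constructed cipher lists (the real Firefox 52 list is not on the page and is not reproduced). It goes one step beyond the thread by also showing the case where a DHE-only server and the client share no suite, which ends the handshake rather than falling back.

```python
# Constructed lists, not any browser's or server's real configuration: a
# browser-style client that prefers ECDHE but also offers one DHE suite and
# one static-RSA suite.
CLIENT_OFFER = [
    "ECDHE-ECDSA-AES128-GCM-SHA256",
    "ECDHE-RSA-AES128-GCM-SHA256",
    "DHE-RSA-AES128-SHA",
    "AES128-SHA",
]
# A server cipher list that puts DHE first, then ECDHE, then static RSA.
SERVER_DHE_FIRST = ["DHE-RSA-AES128-SHA", "ECDHE-RSA-AES128-GCM-SHA256", "AES128-SHA"]
# A server restricted to DHE suites that the client above does not offer.
SERVER_DHE_ONLY = ["DHE-RSA-AES256-GCM-SHA384", "DHE-RSA-AES128-GCM-SHA256"]


def key_exchange(suite: str) -> str:
    """Key-exchange family from an OpenSSL-style suite name."""
    for prefix in ("ECDHE", "DHE"):
        if suite.startswith(prefix + "-"):
            return prefix
    return "RSA"  # static RSA key transport: no forward secrecy


def select_cipher(client_offer, server_config, honor_server_order):
    """TLS 1.2 style selection: the side whose order is honoured walks its
    list and the first suite the other side also supports wins.  With
    SSLHonorCipherOrder off the client's order decides; with it on, the
    server's.  Returns None when there is no common suite (the server then
    sends a handshake_failure alert and no connection is made)."""
    walk, other = (server_config, client_offer) if honor_server_order else (client_offer, server_config)
    other_set = set(other)
    for suite in walk:
        if suite in other_set:
            return suite
    return None


def negotiate(client_offer, server_config, honor_server_order):
    """Return (suite, key-exchange family) or None for a failed handshake."""
    suite = select_cipher(client_offer, server_config, honor_server_order)
    return None if suite is None else (suite, key_exchange(suite))


if __name__ == "__main__":
    for honor in (False, True):
        print("honor server order:", honor, "->", negotiate(CLIENT_OFFER, SERVER_DHE_FIRST, honor))
    print("DHE-only server:", negotiate(CLIENT_OFFER, SERVER_DHE_ONLY, True))
```

With the same client, flipping the server-order flag is the difference between landing on an ECDHE suite and landing on a DHE one; only the intersection of the two lists can ever be chosen, so a DHE-only server must offer a DHE suite the client actually sends.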


Re: [openssl-users] Lattice Ciphers

2017-12-18 Thread Alan Buxey
Have you submitted a bug report for Apache (not honouring server config
cipher order) if one doesn't exist?

As for resistant to quantum computers, given the current aim is for systems
that can calculate things that would currently take the age of the universe
to calculate, resistance is futile ;)

alan

On 18 Dec 2017 4:47 pm, "Colony.three via openssl-users" <
openssl-users@openssl.org> wrote:

>
> - FF claims it does DHE/EDH, but it does not actually, in practice.  It
>   does either EC, or RSA.  I've tested it. (v52)  This does not look like
>   an accident.
>
> Have you found a server that does DHE/EDH, and only that, that FF cannot
> connect to?
>
> I've set mine to test this comprehensively. (Apache and NginX)  With
> Apache Firefox -ignores- server-prescribed ciphers and chooses an EC.
> NginX does properly prevail with the algo.  Was this an accident, Apache?
>
> And Firefox simply can not make a connexion when the only choices are the
> DHE/EDH algos -- which they say they can do here.
>
> - "Prefer conventional discrete-log-based systems over elliptic-curve
>   systems; the latter have constants that the NSA influences when they
>   can."
>
> I missed that, thanks.  And for non-NSA curves that aren’t influenced?
>
> As with Schneier, I don't trust any EC.  It's a shame.  I am looking
> forward to independent lattice.  (Not that Mozilla, will implement it)
> For now I'm set to DHE/EDH (fruitlessly) and RSA (AES).  RSA is cracked
> by a very few, but this is the decision I've made.
>


Re: [openssl-users] Lattice Ciphers

2017-12-18 Thread Colony.three via openssl-users
> - FF [claims it does 
> DHE/EDH](https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29),
> but it does not actually, in practice.  It does either EC, or RSA.  I've 
> tested it. (v52)  This does not look like an accident.
>
> Have you found a server that does DHE/EDH, and only that, that FF cannot 
> connect to?

I've set mine to test this comprehensively. (Apache and NginX)  With Apache 
Firefox -ignores- server-prescribed ciphers and chooses an EC.  NginX does 
properly prevail with the algo.  Was this an accident, Apache?

And Firefox simply can not make a connexion when the only choices are the 
DHE/EDH algos -- which they say they can do 
[here](https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29).

> - "Prefer conventional discrete-log-based systems over elliptic-curve 
> systems; the latter have constants that the NSA influences when they can."
>
> I missed that, thanks.  And for non-NSA curves that aren’t influenced?

As with Schneier, I don't trust any EC.  It's a shame.  I am looking forward to 
[independent 
lattice](https://policyreview.info/articles/news/post-snowden-cryptography-and-network-security/390).
 (Not that Mozilla, will implement it)  For now I'm set to DHE/EDH 
(fruitlessly) and RSA (AES).  RSA is cracked by a very few, but this is the 
decision I've made.


Re: [openssl-users] Lattice Ciphers

2017-12-18 Thread Colony.three via openssl-users
>> Okay, FF does ECDHE not DHE/EDH.  The whole industry does that, and most are 
>> using X25519 which was developed by Dan Bernstein.
>
> FF [claims it does 
> DHE/EDH](https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29),
>  but it does not actually, in practice.  It does either EC, or RSA.  I've 
> tested it. (v52)  This does not look like an accident.
>
>>  The Guardian article you referenced didn’t even have the word curve in it.  
>> My question – do you have a reference that shows Schneier says not to use 
>> elliptic curve – was not answered.
>
> You don't have to read the article if you don't want to.
> "Prefer conventional discrete-log-based systems over elliptic-curve systems; 
> the latter have constants that the NSA influences when they can."
>
>> - The NSA actually provided the elliptic curves for NIST's standards.  And 
>> the Snowden docs now show that those curves are related.
>>
>> No they do not show that the curves are related.  And BTW, NIST just put 
>> 25519 and 448 into their recommended list.
>
> By its nature (secrecy), nothing public will prove the curves are related.  
> But Snowden documents show that they are.  And related curves have an 
> inherent shortcut to cracking, which any well-funded haqxor or 
> state-sponsored entity will have access to.
>
> From: noloa...@gmail.com
>
>>> Later I realized that was the best warning Google and Schmidt could
>>> give. He basically told you government has infiltrated their systems,
>>> and you should avoid their systems if security and privacy matters.
>
> What great PR, that it's become almost instinctive for people to ascribe 
> benevolence to G**gle.  I believe that Schmidt was telling us his true 
> position though.
>
> The one I am angry with is Mozilla, for not giving us a choice.  Chrome is a 
> choice?!  Safari is a choice?!  IE is a choice?!  No.  They are not.


Re: [openssl-users] Lattice Ciphers

2017-12-18 Thread Jeffrey Walton
On Mon, Dec 18, 2017 at 1:38 AM, Colony.three via openssl-users
 wrote:
>
> G**gle's Eric Schmidt says, "If you have something that you don't want
> anyone to know, maybe you shouldn't be doing it in the first place.  This is
> a profoundly undemocratic attitude.  What would Thomas Paine, or Ben
> Franklin, or Patrick Henry say to this?

Off-topic, but... I was angry when I first read that, too.

Later I realized that was the best warning Google and Schmidt could
give. He basically told you government has infiltrated their systems,
and you should avoid their systems if security and privacy matters.

It is not just Google, but Google is the only one who has warned you.
Government has infiltrated other systems, including Apple, Amazon,
Microsoft, Salesforce, Rackspace and friends. You should be angry the
others have not warned you :)

Just avoid Google, Microsoft, Amazon and friends if your security and
privacy matters.

Jeff


Re: [openssl-users] Lattice Ciphers

2017-12-18 Thread Salz, Rich via openssl-users
Okay, FF does ECDHE not DHE/EDH.  The whole industry does that, and most are 
using X25519 which was developed by Dan Bernstein.

The Guardian article you referenced didn’t even have the word curve in it.  My 
question – do you have a reference that shows Schneier says not to use elliptic 
curve – was not answered.

> The NSA actually provided the elliptic curves for NIST's standards.  And
> the Snowden docs now show that those curves are related.

No they do not show that the curves are related.  And BTW, NIST just put 25519 
and 448 into their recommended list.

> PS - does OpenSSL get funding from the DoD?

Not that we know of, not at the present time.  Various branches did help fund 
FIPS work in the past.